Slashdot Mirror

← Back to Stories (view on slashdot.org)

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

Posted by timothy on from the bless-you! dept.

n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.

6 of 251 comments (clear)

  1. OCR improvements? by Anonymous Coward · · Score: 3, Interesting

    Can these attack algorithms actually increase the accuracy of normal OCR programs?

  2. Is this related? by Khyber · · Score: 4, Interesting

    Anybody that pays attention to 4chan recently knows they had to implement captcha due to a massive spamflood of infected morons. recaptcha got busted thanks to someone in /g/ who leaked the vulnerability in the sound system for reCAPTCHA, and the whole site was again inundated with spam, though not to the degree as the original spam attack.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  3. Re:Speaking about re-captcha by imsabbel · · Score: 4, Interesting

    Hm.
    So its for-profit work for the biggest advertising firm in the world.
    Sort of expected project gutenberg or something.
    Too bad.

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  4. New Human Verification Scheme by BlueMonk · · Score: 3, Interesting

    Seeing this article gave me an idea to come up with a new human verification process. I created a C# program in about an hour that loads images from Google images based on searching for 3 of 2000+ nouns. It shows 3 examples of each noun and asks the user to pick the correct noun from a list of 6. This program is just a proof of concept of course. Could this become useful? (Binary and source code included.)
    http://enigmadream.com/misc/HumanVerification.zip

    1. Re:New Human Verification Scheme by KahabutDieDrake · · Score: 2, Interesting

      If you used something that wasn't a public resource based around text strings, then yes.

      Better still... show a bank of images, ask which one has a happy little girl in it. (all images contain a girl, only one obviously happy). Randomize the backend with a cryptographic routine (so the file names don't give anything away) and you are set for a while. Computers are terrible at such things, people are pretty good at it.

  5. Let's hope they hit 100% by drinkypoo · · Score: 2, Interesting

    Then we can just put reCAPTCHA on all pages being used for spam, and get transcription services for free.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"